US spies still haven't told Congress the number of Americans caught in dragnet(arstechnica.com)
arstechnica.com
US spies still haven't told Congress the number of Americans caught in dragnet
https://arstechnica.com/tech-policy/2017/03/nsa-spy-law-up-for-renewal-but-feds-wont-say-how-many-americans-targeted/
23 comments
The TSA are not failing at doing the one thing they were designed to do: spend taxpayer money on private companies whose investors and executives are politically tied to the politicians who legislate their funding.
Crony capitalism will rot the insides of this country until it's hollow.
Crony capitalism will rot the insides of this country until it's hollow.
My favorite is Medicare and drug prices. Notice both cases are funded by budget deficits that increase the money supply.
> both cases are funded by budget deficits that increase the money supply
The potential for your example was high, but your explanation fell flat. There is a connection between Medicare and pharma, but it's not that they both 'increase money supply'.
Big pharma lobbied government when writing drug pricing laws for mediacare. So retail drug prices are standard and non-negotiable. The result is the largest drug purchaser in the world must pay full price and can't get a lower price for bulk.
The potential for your example was high, but your explanation fell flat. There is a connection between Medicare and pharma, but it's not that they both 'increase money supply'.
Big pharma lobbied government when writing drug pricing laws for mediacare. So retail drug prices are standard and non-negotiable. The result is the largest drug purchaser in the world must pay full price and can't get a lower price for bulk.
The point is how the government pays for Medicare drugs.
Seriously diminishing returns may be emerging in bulk collection. The disgruntlement this is creating in the intelligence community work force and the recruiting pool may not be worth the gains. Hard targets must be taking counter-measures as awareness grows. But, in fairness to the IC, its really a political problem. If zero tolerance is the goal for attacks against the US then zero privacy is going to be the result.
The real value of bulk collection is in the political elite targeting their future opponents through exploitation of their flaws after digging through the treasure trove of data obtained in the dragnet. THIS is the real danger to society. Not, "we have nothing to hide so we don't care."
Zero tolerance is the problem: even with zero privacy it's not possible to perfectly predict actions of people because they are often irrational.
They don't know because they aren't trying but i'm guessing its basically nearly 100% of the population. Its sort of a mathematical x degree's of separation problem. They monitor a few tens (hundreds?) thousand suspects, the direct contacts of said suspects and maybe or to two levels more. So its what 3-4 degrees of separation? Given that "direct contact" likely also means that anyone found in proximity of the suspects for any length of time and its basically everyone, after all you want to tract the contacts the suspects have with people on the park bench. People forget that "metadata" isn't just phone calls these days, its your cellphone pinging the tower with "I'm at location x" messages every few seconds.
The authority of spy agencies to do what they do derives from the people through their congressional representatives. Congress should zero out their funding. We can always start over without the bad apples.
Congress zeroing out their funding wouldn't necessarily kill them, it's a little more nuanced than that. For example, the CIA and Intelligence agencies by and larger are contributors to https://en.wikipedia.org/wiki/In-Q-Tel. Not to mention the funding they produce to generate funds within their black operations.
It's either a ton of people and they don't want to admit it OR it's very, very few people and they don't want to be asked the obvious follow up question of "who are they?"
It's very likely a ton of people, but it's also very likely nearly impossible to measure.
If you're the CIA and you're tracking the cell phones of say 10,000 foreign suspects for 10 years, and each of those phones is making 10 calls/week, you're at 50 million calls to analyze. You could probably look at the country code to get an estimate, but if the other side of the call is a foreign national in the US, they shouldn't count. If the non-US country codes happen to be owned by US citizens who may be traveling, how would you know?
Phones at least have country codes.. How in the world can you assign a country of origin to random email data or plaintext data through a router somewhere?
If you're the CIA and you're tracking the cell phones of say 10,000 foreign suspects for 10 years, and each of those phones is making 10 calls/week, you're at 50 million calls to analyze. You could probably look at the country code to get an estimate, but if the other side of the call is a foreign national in the US, they shouldn't count. If the non-US country codes happen to be owned by US citizens who may be traveling, how would you know?
Phones at least have country codes.. How in the world can you assign a country of origin to random email data or plaintext data through a router somewhere?
It's a ton of people.
I'm sure it is, but the issue is more complex than that.
How much data is stored on each person? How many hoops does an individual analyst have to jump through, if any, to access that information for an individual? Is it stored in an encrypted or anonymized way so that an analyst can't access the details without approval from management? Are there jobs constantly scanning this dataset and alerting on suspicious patterns, and if so, what is the average false positive rate and does an alert give carte blanche to read all of the data collected about that individual and their connections and connections-to-connections?
I doubt Congress will ever get clear or entirely truthful answers to those questions, let alone the general public.
How much data is stored on each person? How many hoops does an individual analyst have to jump through, if any, to access that information for an individual? Is it stored in an encrypted or anonymized way so that an analyst can't access the details without approval from management? Are there jobs constantly scanning this dataset and alerting on suspicious patterns, and if so, what is the average false positive rate and does an alert give carte blanche to read all of the data collected about that individual and their connections and connections-to-connections?
I doubt Congress will ever get clear or entirely truthful answers to those questions, let alone the general public.
That's easy: everyone.
The only distinction is who's explicitly targeted and who isn't. In other words, who analysts have actually examined or otherwise examine on an ongoing basis.
The only distinction is who's explicitly targeted and who isn't. In other words, who analysts have actually examined or otherwise examine on an ongoing basis.
How about the simplest and probably truest answer: all of them
Why did the USA fight for freedom against the British, Hitler, and Saddam if America just ended up as a police state? All those American soldiers died in vain.
It wouldn't surprise me if they simply don't know.
It actually says this in the article. They say that gathering a count would actually cause a requirement to un-anonymize some of the data and therefore create a privacy (and possibly constitutional) problem.
Maybe they're right. Maybe we should just discontinue the program since I don't think it's been shown to be effective at anything.
Maybe they're right. Maybe we should just discontinue the program since I don't think it's been shown to be effective at anything.
Yet they proudly blog about how many guns, knives and other prohibited items they screen out--but this is not statistically different than the private contractors pre-TSA.
What we do know is that when tested by Homeland Security, they failed miserably [2]. I wonder if we have data from pre-TSA to compare it with?
[1] - http://www.slate.com/articles/news_and_politics/explainer/20...
[2] - https://www.schneier.com/blog/archives/2015/06/tsa_not_detec...